package net.cjw.initsb.config.shiro;

import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import net.cjw.initsb.dao.ManageUserMapper;
import net.cjw.initsb.dao.PermissionMapper;
import net.cjw.initsb.dao.RoleMapper;
import net.cjw.initsb.entity.ManageUser;

@Component
public class UserRealm extends AuthorizingRealm {

	Logger logger = LoggerFactory.getLogger(this.getClass());

	@Autowired
	private ManageUserMapper manageUserMapper;
	@Autowired
	private RoleMapper roleMapper;
	@Autowired
	private PermissionMapper permissionMapper;

	/*
	 * 用于的权限的认证
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		logger.info("AuthorizationInfo");
		SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
		String username = principals.getPrimaryPrincipal().toString();// 获取当前通过验证的用户的用户名
		logger.info("获取当前验证的用户的用户名: " + username);

		Set<String> roles = new HashSet<>();
		Set<String> permissions = new HashSet<>();

		ManageUser tmp;
		ManageUser rs;
		tmp = new ManageUser();
		tmp.setUsername(username);
		rs = manageUserMapper.selectOne(tmp);
		if (rs.getIsAdmin()) {
			// admin用户配置
			roles.add("admin");// 配置角色
			// 获取所有权限
			List<String> pers = permissionMapper.selectPermissionValueAll();
			permissions.addAll(pers);
		} else {
			// 普通用户配置
			String roleValue = roleMapper.selectRoleValueByUsername(username);// 单角色
			roles.add(roleValue);
			// 通过角色查询权限
			List<String> pers = permissionMapper.selectPermissionValueByRoleValue(roleValue);
			// 查询数据库获取用户的角色和权限数据
			permissions.addAll(pers);

		}
		info.setStringPermissions(permissions);
		info.setRoles(roles);
		return info;

	}

	/**
	 * 首先执行这个登录验证
	 * 
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
		logger.info("AuthenticationInfo");

		String username = token.getPrincipal().toString();// 获取当前验证的用户的用户名
		String password = token.getCredentials().toString();// 以被加密
		logger.info("AuthenticationInfo username: " + username);
		logger.info("AuthenticationInfo password: " + password);

		// 查询数据库密码
		ManageUser tmp;
		ManageUser rs;
		tmp = new ManageUser();
		tmp.setUsername(username);
		rs = manageUserMapper.selectOne(tmp);
		if (rs == null) {
			return null;
		}
		String dbPassword = rs.getPassword();
		// 将查询到的用户账号和密码存放到 authenticationInfo用于后面的权限判断。第三个参数传入realName。
		AuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(username, dbPassword, username);
		return authenticationInfo;
	}

}